CINDY A. COHN, ESQ.; SBN 145997
McGLASHAN & SARRAIL
Professional Corporation
177 Bovet Road, Sixth Floor
San Mateo, CA 94402
Tel: (415) 341-2585
Fax: (415) 341-1395
LEE TIEN, ESQ.; SBN 148216
1452 Curtis Street
Berkeley, CA 94702
Tel: (510) 525-0817
Attorneys for Plaintiff
Daniel J. Bernstein
IN THE UNITED STATES DISTRICT COURT
FOR THE NORTHERN DISTRICT OF CALIFORNIA
DANIEL J. BERNSTEIN )
) C 95-00582 MHP
Plaintiff, )
) DECLARATION OF
v. ) MICHAEL PAUL JOHNSON
)
)
UNITED STATES DEPARTMENT )
OF STATE et al., )
)
Defendants. )
)
)
________________________________________)
I, Michael Paul Johnson, hereby declare:
1. I am a computer security consultant, and have extensive
experience and training in the field of cryptology.
2. Currently, I am the Vice President of Pion Engineering, Inc.;
the Director and President of Rainbow Missions, Inc.; and a Co-moderator
of the Internet newsgroup sci.crypt.research.
3. I am a Registered Professional Engineer in Colorado, fluent
in several computer languages and computer platforms, and have created
several cryptographic methods, including the Diamond and Diamond Lite
Encryption Algorithms, and the Sapphire II Stream Cipher and the Ruby Hash
Cipher.
4. I have published several documents on the subject of data
encryption. One of them is the "Where to Get Pretty Good Privacy (PGP)
FAQ," which can be found on the Internet newsgroup alt.security.pgp, as
well as in "Protect Your Privacy: A Guide for PGP Users" by William
Stallings. In addition, I wrote "Cryptology in Cyberspace," which
appeared in the October 1995 issue of Cryptologia.
5. I received my BS in Electrical Engineering and Computer
Science from the University of Colorado at Boulder, and my MS in
Electrical Engineering from the University of Colorado at Colorado
Springs. My master's thesis was related to data compression and
encryption. In addition, I attended the Navy Nuclear Power School
postgraduate training.
6. I would like to emphasize several points:
Cryptography Has Prominent Civil Applications
7. First, cryptographic technology has predominant civil
applications such as protection of privacy and prevention of fraud.
8. I use cryptographic technology to protect confidential
business information. For example, I encrypt email that contains
confidential business information. I also encrypt sensitive personal
communications, such as long distance peer counseling. If I did not, I
believe would not be properly protecting the privacy of my clients and
other correspondents.
9. I use cryptographic technology to implement cryptography
export controls on my website.
10. Cryptography allows one to append a digital signature to an
encrypted message. A digital signature is analogous to a signed signature
in which the message recipient can verify the authenticity of the message
sender. I use digital signature to authenticate most of the shareware and
electronic documents that I write and make it possible for people to check
for corruption, virus infection, or malicious tampering. For example, I
have digitally signed a book titled The Good News According to John, God's
Living Word Translation to validate its integrity and source.
11. Besides these direct benefits, I receive the indirect
benefit of non-military cryptography via secured banking transactions,
electronic payment authorizations, and privacy protection by people who
keep personal data about me.
12. Cryptographic technology is also used in academic and
scientific exchange of ideas and information.
No Reasonable Distinction Between Algorithms and Source Code
13. Second, the same mathematical algorithms can be used both
for authenticating data and encrypting messages. Consequently, the same
computer software that is designed to compute digital signatures, a task
which is not restricted by the ITAR, can be used to perform public key
encryption, a task which is restricted by the ITAR.
14. In fact, there is no reasonable distinction between
"software" and "algorithm." Both are descriptions of how to do some
mathematical tasks.
15. Let me use the classic one-time-pad algorithm to illustrate
these two points:
16. If I want to encrypt a message that includes an alphabetical
character , I can convert it to a numeric value (A), and then add this
numeric value (A) to a random number (B) known only to myself and the
recipient of this message. The sum is the ciphertext (C) that can be
transmitted over an insecure channel without compromising the secrecy of
the message (A). The recipient then subtracts the secret value (B) from
the ciphertext (C) to recover the message (A). A programmer can easily
perform this task in several programming languages. If I use the computer
language called C and modulo-2 addition, the algorithm is:
C = A ^ B;
17. The recipient can decrypt the encrypted message, by using
the same algorithm, and recover the numeric value (A).
A = C ^ B;
18. If I add nine lines of computer code for standard
administrative tasks, such as opening files, I have the source code of
this program.
19. If I compile the source code by simply pressing a button, I
have a working program.
20. From algorithm to source code to working program, each stage
above can easily be derived from the one above or below it.
21. Because computer languages are much more precise than either
natural languages (like English) or the standard mathematical notations to
explain computer algorithms, computer languages are useful for
communicating exact algorithms to other humans.
ITAR Has Chilled My Work And Publications In Cryptography
22. Third, the International Traffic in Arms Regulations (ITAR)
has chilled my cryptographic development and publication, in at least two
instances.
23. The first instance took place a few years back. As part of
my master thesis, I developed the MPJ encryption algorithm. Believing
that the algorithm was good enough to merit a broader audience, my
academic advisors recommended me to publish the algorithm, in conjunction
with the thesis itself. As part of the process, I wrote a shareware
encryption program that implemented the algorithm and distributed it
electronically.
24. I sent a courtesy copy to the NSA. The NSA informed me
that, although I could freely use and distribute my program in the United
States, exporting the shareware would be restricted by ITAR.
25. Because shareware simply can not be recalled, and normal
shareware distribution channels have absolutely no export barriers, I was
afraid that I might inadvertently violated some regulations, thus putting
my job (which at that time required a security clearance), my finances,
and even my freedom in danger. Because I did not want to violate or
appear to violate any United States laws, I stopped my cryptographic
publication activity.
26. The second instance took place about three years ago, when I
started work on a computer cryptography book that would include a
cryptographic function library on disk. I wanted to comply with all legal
requirements. I tried to find out the legal requirements, including the
difference between an exportable and non-exportable encryption program.
Starting in 1993, I spent many hours of telephone conversation with both
Department of State and National Security Agency (NSA) export control
officers, who consistently refused to tell me in advance what the criteria
were that they used to decide the difference between exportable and
non-exportable cryptographic software.
27. For example, on the afternoon of the 15th July, 1994, Brian
Rink of the NSA repeatedly refused to tell me what I needed to do to write
an encryption program that was exportable under the much less restrictive
Department of Commerce rules, insisting that I must submit a completed
program that was ready to sell and that they would only tell me if it was
exportable or not, with no reasons given either way. Even though Charlotte
Knepper of the NSA had earlier told me that they would evaluate a design
on a program if I submitted a "Commodity Jurisdiction Request" (CJ), Brian
Rink insisted on seeing a full implementation of the program before
telling me anything about its exportability. Brian said "We don't evaluate
designs." Later, when asking about key size limitations, I asked "If 40
bits wasn't acceptable, would you tell me what key size would be
acceptable?" Brian answered, "No. Probably not."
28. The CJ that Brian and I were discussing was returned without
action after the 15 business day time limit given by the Department of
State had expired, contrary to verbal promises given to me by both the
Department of State and the NSA.
29. When I submitted the second official "Commodity Jurisdiction
Request" (number 358-94 for "Quicrypt," a completed software product), the
NSA representatives again failed to meet the deadlines that they promised
by demanding that I make changes to the product on the 15th business day
since they acknowledged receipt of the CJ request. I made the exact
changes that they requested, documented them, and sent them to them
electronically the same day. They delayed an additional 5 working days
before issuing a response.
30. The NSA's conditions of (1) keeping my source code for
Quicrypt secret and (2) limiting the effective key length of only 32 bits
(weaker than a 40-bit key by a factor of 256) crippled the resulting
product to something that has not been nearly as successful as it would
have been without these restrictions, since I compete with unrestricted
products originating outside of the USA.
31. More than one year passed between the time I first started
asking and the time I managed to get a favorable response to a "Commodity
Jurisdiction Request." Comparing to a programming effort of about two
standard work weeks, NSA imposed an unreasonable administrative overhead
on my project. They also prevented me from writing much better software by
forcing me to divert resources from analysis and programming to many hours
of legal research.
32. While I was waiting for the approval of my shareware, some
people outside of the USA wrote some very good shareware encryption
products, including Secure Device, HPACK, enhancements to PGP, and Peter
Gutman's cryptographic toolkit. It is likely that many customers of these
products would be using my program, if the program was not delayed and
weakened by the NSA and was available in the market on time.
33. The NSA's policy and delay caused me damages, because ideas
published can result in consulting business, esteem, and other tangible
and intangible benefits. Delay is denial of these benefits during the
time of delay. This is especially important in the cryptology field
because "proprietary" encryption for which the author will not share the
source code is considered insecure. Serious cryptographers will not take
the programmer seriously unless he or she shares source code. In the
above two instances, the NSA denied me the right to share my source code
in a timely manner.
I declare under penalty of perjury that the foregoing is true
and correct and that this Declaration was signed at Longmont, Colorado.
Dated: ___________________
_____________________________
Michael Paul Johnson